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RispJy to Office action of October 14, 2005 

REMARKS/ARGUMENTS 

Please reconsider the application in view of the above amendments and the 
following remarks. Applicants thank the Examiner for carefully considering this 
application. 

Claims 1 through 12 are in this application. Applicant has amended claims 1, 9, 
10 and 11. Amendments to the stated claims are in an attempt to further define and 
clarify the claimed invention. Applicant has canceled claim 12. 

Claim Rejections, 

Claims 1-4 and 6-13 are rejected under 35 USC 103(a) as being unpatentable over 
Coley et al. (U.S. Patent 5,790,664), and further in view of Davis (U.S. Patent 5,473,692) 
and further in view of Abraham et al (US patent 5,539,906). Applicant respectfully 
traverses the Examiner's assertion, 

Examiner asserts that Coley discloses, removing a privilege and monitoring the 
number of applications that have privilege to a program. Examiner further asserts that 
Coley fails to disclose transferring the privilege, however, Davis teaches transferring a 
privilege. Examiner still further asserts that Coley and Davis fail to disclose the 
privileges with respect to a resource manager, however, Abraham teaches a resource 
manager. Examiner asserts that it would have been obvious to a person of ordinary skill 
in the art for the resource manager of Abraham to have the privileges of the modified 
Coley and Davis system. 

Applicant's present invention describes a privilege transfer method between 
programs in a computing system. In this method the system's native privileged user may 
start a program (such as a security manager) on the system. Subsequently, the privilege to 
administer the new program is transferred from the native privileged identity to a 
designated user identity. Once transferred, the initial privileged identity, the system's 
native privileged user, losses privilege with respect to the program (security manager) 
and the new registered identity gains administrative control over the program (security 
manager). Since the new registered identity is not the native root identity. 
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As discussed in the specification, one need with regard to the implementation of a 
security manager is establishing a model in order to apply the security manager to a 
computing system and then prevent the normal operating system (OS) administrative user 
from potentially disabling or administering the external manager without the required 
privilege. Applicant's present invention provides this solution. 

The Examiner asserts that Coley teaches removing and monitoring the number of 
application that have privilege to a program. Coley discloses a system for managing 
licensed software, Coley' s system for automatically tracks use of a licensed software 
program, determines whether the software is validly licensed, and enabling or disabling 
the software accordingly. Coley's system involves attaching a licensing system module to 
a software application to facilitate the monitoring of the licensed software product The 
objective of Coley is to address the common shortcoming shared by all licensed software, 
is that it requires some form of manual intervention for registration, enablement, and/or 
re-enablement This objective is met by providing a licensing system that allows software 
use to be monitored in an automated fashion, without user input. Moreover, a software 
licensing system is needed that permits a software provider to transparently control the 
use of licensed software. 

Davis discloses an integrated circuit component for enforcing licensing 
restrictions. Such enforcement is performed through remote transmission of access 
privileges for executing a licensed program from the integrated circuit component to 
another similar component. This process incorporates hardware agents in the transfer of 
privilege between hardware devices that are using a licensed software product This 
transfer is part of the restriction of the use of a software license. 

With regard to Abraham (U.S. Patent 5,539,906), described is a method in which 
the security of data elements which represent an industrial process, is manipulated by 
users on a data processing system and in which the industrial process includes a series of 
industrial process steps, are controlled by permitting groups of users to access 
predetermined data elements based on the industrial process step at which the industrial 
process is currently active, A user is prevented from accessing the requested element if 
the industrial process is not at an industrial process step corresponding to one of the 

7 



80 39Vd 



E2EBUIEU E2-PI 900Z/ZI/T0 



Appl. No. 09/738,367 

Amdt. date January 17, 2006 

Reply to Office action of October 14, 2005 



industrial process steps for which the user has authority to access the data element. Thus, 
access to data is prevented based on the status of the data, in addition to the type of data. 

Applicant submits that although Abraham does describe security techniques 
within the computing system environment, the techniques described in the Abraham 
patent do not describe the methods in the present privilege transfer application. Abraham 
does describe steps where changes to security categories on data change what groups of 
users can access the data In that sense, access capabilities on the data change as the data 
moves through a set of processing steps (industrial process) that change the security 
categories on the data. This is not the nature of the techniques in the present privilege 
transfer application. The privilege transfer application techniques involve transfer of 
privilege to control an application and its related data based on the involved identities and 
associated programs, not any properties of the application or the data. Applicant believes 
these techniques are different and unique from the approaches of Abraham, They are 
identity based and not data based. Key methods of the invention are: 

1. Initiation of privilege transfer to manage a target running application (resource 
manager) by a highly privileged system identity (e.g. Unix super user). Only this 
highly privileged user can initiate the transfer. 

2. Hand-off of privilege to another program and all its descendents along with the 
receiving program's established identity, which does not have any system 
administration privileges. 

3. After the transfer (hand-off), the initiator of the transfer loses all authority to 
manage or interfere with the operation of the involved resource manager. Even 
though the initiator has all privileges to manage the system, it is cannot to subvert 
the operation of the involved resource manager or alter characteristics for any 
resources it controls. 
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4. After the transfer of privilege, the receiver of the privilege retains the privilege 
until it chooses to release the privilege by terminating all its uses of the privilege. 
This happens when the program that received the transfer of privilege and all the 
program's descendent programs terminate. 

Applicant submits that none of the above 4 key aspects of the present invention are 
present in the references cited by the examiner. Applicant submits that the material in 
cited references, independently or in combination, does not produce an obvious path the 
techniques of the Applicant's present privilege transfer application. 

For there to be prima facie showing of obviousness there must something that 
teaches or suggest the combination of the cited references. 

Obviousness cannot be established by combining the teachings of cited references 
to produce the claimed invention, absent some teaching, suggestion or incentive 
supporting the combination. In re Geiget (Fed. Cir. 1987). In other words, elements of 
separate patents cannot be combined where there is no suggestion of such combination. 
Applicant's present invention describes a method within the context of computer system 
security in which certain system resource is given privilege to initialize a resource 
manager such as security manager and subsequently transferring the privilege from the 
system resource having the privilege to a system administrator, Coley focuses on a 
system that automatically manages the use of a licensed software product* Initial 
enablement, re-enablement and disabling of license product are based on the use terms of 
the software license. As the examiner mentions s this system does not address transfer of 
privilege. Davis also focuses on controlling the use of software licenses for hardware 
agents- The transfer descriptions in Davis refer to a copying of a software product on 
various hardware devices of a computing system (Col. 2, lines 8-21). The transfer is a 
physical transfer of a software program. The program has embedded in it features that 
restrict use of the software beyond the license terms. Coley and Davis address the 
management of the use of a commercial software product and not a focus on computer 
system security. Abraham does address computer system security, Abraham's focus is on 
the actual enter workings of the security system and not the initialization of resource 
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manager such as an external security manager by temporarily transferring to a system 
resource a privilege that will allow the initialization of the security manager. 

Applicant first submits that there is no teaching or suggestion in Coley to combine 
Coley and Davis. These references provide two different methods to control/manage the 
use of licensed software by hardware devices in a computing system environment. 
Second there is no teaching or suggestion to combine Abraham with Coley and Davis. 
Abraham is addressing an issue that is not relevant to the management and control of the 
use of commercial software products such as described in Coley, Tfyese techniques are in 
different classes and for different purposes. Applicant submits that it is not obvious for 
one skilled in the art to look to Abraham for solutions to control of commercial licenses 
software product. Further it is not obvious to look to Coley for computer security 
concerns. 

La view of the above explanation, Applicants respectfully submit that none of the 
art of record (alone or in combination) teaches, discloses or even suggests the invention 
as recited in each of Applicant's claims. Applicant further submits that all of the pending 
claims are in condition for allowance. Withdrawal of the rejections and passage to 
issuance is respectfully requested. Applicant believes this reply to be. fully responsive to 
all outstanding issues and place this application in condition for allowance. If this belief 
is incorrect, or other issues arise, do not hesitate to contact the undersigned at the below 
listed telephone number. 

Applicant believes that no fees are due in this case. The due date of January 14, 
2006 fell on a Saturday and therefore is due on the first business day following that 
Saturday which is January 17, 2006. 



Respectfully Submitted, 

Darcell Walker 
Reg. No. 34,945 

9301 Southwest Freeway, Suite 250 
Houston, Texas 77074 
713-772-1255 
January 17, 2006 
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